Charming Kitten's HYPERSCRAPE Tool Found Stealing User Data from Email Accounts
- Actor Motivations: Espionage, Exfiltration
- Attack Vectors: Compromised Credentials
- Attack Complexity: Low
- Threat Risk: Low Impact/Low Probability
A new tool called HYPERSCRAPE, discovered by Google Threat Analysis Group in December 2021, has been used by Charming Kitten to steal user data from Gmail, Yahoo and Microsoft Outlook accounts. HYPERSCRAPE requires the victim's account credentials to run. Once logged in, it changes the account's language setting to English, downloads messages individually as .eml files, and restores the original language setting once the inbox has been downloaded.
Tip: 11 IOCs related to this threat have been found (2 IP, 0 domain, 0 URL, 0 email, 9 file hash).
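The behaviour described above (language switched to English, messages downloaded one by one, language restored) leaves an ordered sequence that can be hunted for in account-activity logs. The following is an added example, not code from the original report or from any mail provider: the event schema, event names (`language_changed`, `message_downloaded`), thresholds and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

def _ev(clock, account, event, **extra):
    # Constructed sample event; the schema and event names are hypothetical.
    return {"ts": f"2022-01-10T{clock}", "account": account, "event": event, **extra}

SAMPLE_EVENTS = [
    _ev("08:00:00", "alice", "language_changed", old="fa", new="en"),
    _ev("08:01:00", "alice", "message_downloaded"),
    _ev("08:02:00", "carol", "message_downloaded"),
    _ev("08:03:00", "alice", "message_downloaded"),
    _ev("08:05:00", "alice", "message_downloaded"),
    _ev("08:07:00", "alice", "message_downloaded"),
    _ev("08:20:00", "alice", "language_changed", old="en", new="fa"),
    _ev("09:00:00", "bob", "language_changed", old="de", new="en"),
    _ev("09:05:00", "bob", "message_downloaded"),
]

def find_language_flip_scrapes(events, window=timedelta(hours=6), min_downloads=3):
    """Flag switch-to-English -> per-message downloads -> revert sequences.

    Returns a list of (account, start, end, download_count) tuples.
    """
    findings = []
    pending = {}  # account -> state of an open switch-to-English episode
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        acct = ev["account"]
        state = pending.get(acct)
        if state and ts - state["start"] > window:
            pending.pop(acct)  # episode too old to correlate
            state = None
        if ev["event"] == "language_changed":
            if state and ev["new"] == state["orig"]:
                # Language restored: report if enough downloads happened in between.
                if state["downloads"] >= min_downloads:
                    findings.append((acct, state["start"], ts, state["downloads"]))
                pending.pop(acct)
            elif ev["new"] == "en" and ev["old"] != "en":
                pending[acct] = {"orig": ev["old"], "start": ts, "downloads": 0}
        elif ev["event"] == "message_downloaded" and state:
            state["downloads"] += 1
    return findings

if __name__ == "__main__":
    for acct, start, end, count in find_language_flip_scrapes(SAMPLE_EVENTS):
        print(f"{acct}: {count} downloads between {start} and {end}")
```

An account whose language is already English produces no language-change events in this schema, so this heuristic only complements matching on the published IOCs and sign-in anomaly checks.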